{"id":75931,"date":"2013-06-10T17:58:22","date_gmt":"2013-06-10T12:28:22","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=75931"},"modified":"2013-06-10T17:58:22","modified_gmt":"2013-06-10T12:28:22","slug":"watering-hole-attack-an-overview","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/watering-hole-attack-an-overview\/","title":{"rendered":"Watering Hole Attack – An Overview"},"content":{"rendered":"

Guess what would be a better way for a predator to stalk its prey, rather than chasing it? Well, waiting patiently at a watering hole, where its prey would eventually turn up. Strangely, in the online world, hackers are also using the same strategy to trap their victims. This blog gives you an overview of watering hole attack.<\/span><\/span><\/p>\n

What is a Watering Hole Attack?
\n<\/b>We are discussing here a new breed of online fraud called “watering hole attack” – an evolved form of spear-phishing. In spear-phishing, the scammer intends to target individual victims by sending malware-infested emails, and luring them into giving confidential information. A watering hole attack, on the other hand, does not use any such emails, for it infects an entire website the victims of a targeted business or organization are most likely to visit.<\/span><\/span><\/p>\n

In other words<\/em>
\n<\/b>A watering hole attack is like poisoning an entire grocery store of the town and waiting for someone to buy from it, instead of luring each victim into buying a poisoned item.<\/span><\/span><\/p>\n

\"watering-hole-attack2\"<\/a><\/p>\n

The Working of the Attack<\/span>
\n<\/b><\/span><\/span><\/p>\n

Step 1: <\/b><\/span><\/span>The scammer does homework on its targeted victims and \u201ctrusted\u201d websites they frequently visit or are most likely to visit. For instance, mobile developers usually visit a developer forum, and so on.<\/span><\/span><\/p>\n

Step 2<\/b><\/span><\/span>: Once these websites are identified by the scammer, they are tested for security vulnerabilities. If any such vulnerability is found, then the scammer injects the website with an exploit [<\/span><\/span>a piece of data or a series of commands<\/i><\/span><\/span>].<\/span><\/span><\/p>\n

The Final Blow<\/b><\/span><\/span>: When the victim visits the compromised website (the \u201cwatering hole\u201d), their system is scanned for software vulnerabilities (old and\/or new) corresponding to the injected exploit. And if the system is found so, then the exploit drops malware onto it, allowing the attacker to initiate malicious activities. In most cases, the malware might be a remote access Trojan, that can invite other malware to enter the system.<\/span><\/span><\/p>\n

Why Watering Hole Attack is Effective?<\/b>
\nExperts say, watering hole attack is an ingenious form of fraud, for it targets websites that are legitimate, frequently visited, and less likely to be blacklisted. If you regularly follow your local weather forecast website, then you might have fewer reasons to suspect it as a malicious website. Same goes with mobile developers, who frequent a variety of websites (developer websites, forums, etc.) to collate essential information or to discuss their projects. Given such a scenario, even training employees to be on guard for such web attacks is futile, according to most security officials.<\/span><\/span><\/p>\n

The Zero-Day Advantage<\/b>
\nWatering hole attacks are also effective, for they have the \u201czero-day exploits\u201d card in their deck. These exploits take advantage of security holes or vulnerabilities that have surfaced recently and are yet to have any solutions or fixes. So, once these zero-day threats strike, the targeted victim is left with less or no defence at all.<\/span><\/span><\/p>\n

Common Targets of Watering Hole Attacks
\n<\/b>
\n\u2022 Defence sectors
\n\u2022 Academic sectors
\n\u2022 Government organisations
\n\u2022 Financial services
\n\u2022 Healthcare industry
\n\u2022 Utilities sectors
\n<\/b><\/span><\/span><\/p>\n

Companies that were Recently Attacked<\/b><\/span><\/span><\/p>\n

\u2022 Facebook
\n\u2022 Apple
\n\u2022 Twitter [the attack compromised account credentials of 250,000 users on Twitter]
\n\u2022 Microsoft
\n\u2022 U.S. Department of Labor
\n\u2022 Council on Foreign Relations (CFR)
\n\u2022 WTOP.com
\n\u2022 Federalnewsradio.com
\n\u2022 Dvorak.org<\/span><\/span><\/p>\n

<\/strong>The web security feature of Quick Heal Security Solutions employs real time cloud-based protection and browser sand box. The cloud-based protection blocks malware-infected websites (\u201cwatering holes<\/a>\u201d), and the sandbox shields the user’s system against zero-day attacks. As everyday Internet users, implementing all such security features is the best we can do to evade scams such as watering hole attacks.<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Guess what would be a better way for a predator to stalk its prey, rather than chasing it? Well, waiting patiently at a watering hole, where its prey would eventually turn up. Strangely, in the online world, hackers are also using the same strategy to trap their victims. This blog gives you an overview of […]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[133,24,303],"tags":[363,364,365,366,367,368],"class_list":["post-75931","post","type-post","status-publish","format-standard","hentry","category-hacker","category-malware","category-phishing","tag-compromised-legitimate-websites","tag-security-vulnerabilities","tag-spear-phishing","tag-watering-hole-attacks","tag-web-security","tag-zero-day-attacks"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/75931"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=75931"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/75931\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=75931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=75931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=75931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}